incorrect checksum for freed object - object was probably modified after being freed. how can I fix it?

Question

While running the code I am getting the error: ds(57203,0x70000fba3000) malloc: * error for object 0x7ff875402848: incorrect checksum for freed object - object was probably modified after being freed. * set a breakpoint in malloc_error_break to debug

Sometimes it works, sometimes it crashes after trying to malloc a new node (see createNode function) so I suspect the error is coming from there.

What am I doing wrong? How can I fix it?

I've tried debugging the code and changing several mallocs but couldn't fix the problem.

As I told earlier, I suspect the error is in createNode function.

    #include <pthread.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <stdbool.h>
    #include <unistd.h>
    #include <dirent.h>
    #include <string.h>


void* threadFunction(void* searchTerm);
void scanDirName(char * path, char * searchTerm);
char* rootSD;
pthread_mutex_t qlock;

struct Node {
    char* data;
    struct Node* next;
};

// Two glboal variables to store address of front and rear nodes.
    struct Node* front = NULL;
    struct Node* rear = NULL;

// To Enqueue an integer
void Enqueue(char* x) {
    pthread_mutex_lock(&qlock);
/*    printf("\nhere\n");*/
    struct Node* temp = (struct Node*)malloc(sizeof(struct Node));
    temp->data =x;
    temp->next = NULL;
    if(front == NULL && rear == NULL){
        front = rear = temp;
        pthread_mutex_unlock(&qlock);
        return;
    }
    rear->next = temp;
    rear = temp;
    pthread_mutex_unlock(&qlock);
}

// To Dequeue an integer.
char* Dequeue() {
    pthread_mutex_lock(&qlock);
    struct Node* temp = front;
    if(front == NULL) {
        pthread_mutex_unlock(&qlock);
        return NULL;
    }
    char* data;
    data = front->data;
    if(front == rear) {
        front = rear = NULL;

    }
    else {
        front = front->next;
    }

    free(temp);
    pthread_mutex_unlock(&qlock);
    return data;
}


void Print() {
    struct Node* temp = front;
    while(temp != NULL) {
        printf("%s ",temp->data);
        temp = temp->next;
    }
    printf("\n");
}

void* threadFunction(void* st){

    char* filepath;
    filepath = NULL;
    char* searchTerm;
    searchTerm = (char*)st;

    while (filepath == NULL) {
        filepath = Dequeue();
    }

    printf("about to enter with %s, %s\n",filepath, searchTerm);
    fflush(stdout);
    scanDirName(filepath, searchTerm);
    if (strcmp(filepath,rootSD) != 0)
        free(filepath);
    return (void*)1;


}

void scanDirName(char * path, char * searchTerm){
    DIR * d = opendir(path); // open the path
    char* str3;

    if(d==NULL) return; // if was not able return

;

    struct dirent * dir; // for the directory entries
    while ((dir = readdir(d)) != NULL) // if we were able to read somehting from the directory
    {

        if(dir-> d_type == DT_DIR){ //
            if (dir->d_type == DT_DIR && strcmp(dir->d_name, ".") != 0 & strcmp(dir->d_name, "..") != 0) // if it is a directory
            {
                str3 = malloc(1+strlen("/") + strlen(searchTerm)+ strlen(dir->d_name) );
                if (!str3){
                    return;
                }

                strcpy(str3, path);
                strcat(str3, "/");
                strcat(str3, dir->d_name);
                printf("\n---\n%s\n---\n",str3);
                Enqueue(str3);
                printf("Succ");
            }
        } else if(dir-> d_type == DT_REG){ //
            if(strstr(dir->d_name, searchTerm)){

                printf("%s/%s\n", path, dir->d_name);
            }
        }

    }
    closedir(d); // finally close the directory
}

int main(int argc, char* argv[]){


    if (argc != 4){
        printf("ERROR\n");
        exit(1);
    }
    char* rootSearchDir = argv[1];
    char* searchTerm = argv[2];
    int threadsNumber = atoi(argv[3]);

    pthread_t threadsCollection[threadsNumber];

    rootSD = rootSearchDir;
    Enqueue(rootSearchDir);

    int i;
    for (i=0; i<threadsNumber; i++){
        if(pthread_create(&threadsCollection[i], NULL, threadFunction, (void*)searchTerm)) {

            fprintf(stderr, "Error creating thread\n");
            return 1;

        }
    }

    int rc;

    for (i=0; i<threadsNumber; i++){
        rc = pthread_join((threadsCollection[i]), NULL);
        if(rc) {
            fprintf(stderr, "Error joining thread, %d\n", rc);
            return 1;

        }
    }



}

}

This code searches for files that their name contains searchTerm starting from root search dir using threads.

Answer 1

The problem is you are allocating size of searchTerm but copying the path.

The chances of length of path and length of searchTerm is same is less. Thus accessing out of bound for str3 and invoking undefined behavior.

         str3 = malloc(1+strlen("/") + strlen(searchTerm)+ strlen(dir->d_name) );
            if (!str3){
                return;
            }

            strcpy(str3, path);  //Here
            strcat(str3, "/");
            strcat(str3, dir->d_name);

To solve allocate the memory with length of path.

str3 = malloc(1+strlen("/") + strlen(path)+ strlen(dir->d_name) );